101010-weak-security-on-accounts
Content ---- ---- Chua tell Human not to worry. "hacker" trying to access website, but cannot access email. So long no access to email, account fine. Chua ask if have authenticator? | |} ---- ---- keylogger? | |} ---- ---- Wait... you can't change the email address from the account page? You have to go through CS? | |} ---- ---- Bingo. They can't break in, and with more and more customers wising up and going to authenticators they are left having to phish for account information - even going as far as replicating WildStar's login screen to entice customers to enter their information. The email I have associated with my WildStar account is exclusive to my WildStar account, and I change it every 90 days. Thus I have never received a phishing email. | |} ---- I am using the curse client. has it really been suspected of sending data to a third party? Anyway I used hotmail's "alias" feature to create a new, unique email and support was able to help me change it in like an hour, was super fast. I swear not to use this wildstar alias on any other site!! hopefully I don't get breakin attempts anymore! | |} ---- Well you know how support sends you 10 emails everytime you report a bot, well I added the wildstar email to auto delete. so I kind of deleted the change email support email by accident, and you can only do it once per 90 days, so I had to have support do it for me | |} ---- YES, its been like this on MANY games, always install add ons manually to reduce the risk. And add an authenitcator if you haven't already | |} ---- Is it your NCSoft account that is getting break in attempts, or your email? Very confused here. Because if it's the email, there is not much NCSoft or Carbine can do. Scan your system with Malwarebytes, it's free and it's one of the best to remove malware like keyloggers and such. This is high grade bullshit though. I have been using Curse for years and never ever have I had a problem, just as many others. There is no proof of this. The only way this could happen is if you downloaded an addon on a shady website that is not curse.com. Everytime people get hacked, they always think: "How is this possible? My system so secure, AV running and all." And then they start blaming some simple programs, but most of the time they just got brute forced. | |} ---- If I understand this right, he's trying to say that the email itself is getting break in attempts, but since he is only using it for Wildstar (as NCSoft login?) then something associated to Wildstar is distributing his email information somehow, or someone is somehow getting access to people's email addresses. | |} ---- thats fine if you disagree, but its happens all the time, i'm at work or I would find thread about it Not specificly what i was talking about but its a start http://www.symantec.com/connect/blogs/fake-curse-client-stealing-wows-user-credentials Edited July 24, 2014 by BadDogEDN | |} ---- ---- Well if OP is telling the truth they shouldn't have been able to get his email address just saying | |} ---- That (more here: http://support.curse.com/entries/37138437-Security-Issue-Fake-Curse-Site-and-Client) is the only confirmed issue that curse has ever had any problems and it wasn't even curse. There's always the chance that addons, in other games, can do fishy things, but NO addon is loaded, in Wildstar, until you're in-game, and installing manually wouldn't have alleviated it. | |} ---- Who knows. But just wanted to point out the one phishing attempt we know about. | |} ---- do you think they would tell you if they have an issue on their end...? | |} ---- "Fake Curse Client". Rumors stay rumors untill there is proof, there is also a rumor there is a magnificent beast roaming in Loch Ness. There are many threads about that too. Nobody has actually come up with proof Curse steals your passwords, so all those people that got hacked just want to blame something, but 9/10 they just got bruteforced because their password is crackable in a few minutes by a PC. The only way to get infected is if you let yourself be infected, download from shady websites, open .exe you don't actually know where it's from (especially accepting UACs from programs you don't know). Running javascripts on shady websites that you just accepted installing RATs. That sort of stuff. If the hacker can still infect your PC without you actually doing anything, believe me he has no need for someones Wildstar account. To the OP: Scan your system with Malwarebytes, I cannot stress this enough, it's truly a great anti-malware program, scan your system for keyloggers and other malware. | |} ---- I had reason to reach out to support the other day with an authenticator problem (changed phones). They got back to me in less than an hour and the whole issue was completed in a just a few hours. | |} ---- If the email address he/she uses for WildStar is exclusive to WildStar, then one would have to agree. However if the email address he/she uses for WildStar is NOT exclusive to WildStar, then all bets are off. Especially if it is also used for other forums and/or social media outlets like Twitter, Facebook, Youtube, EBay, Reddit, Craig's List, etc ... and even more especially if those accounts or their posts are somehow linked back to WildStar. I would even go so far as to recommend a unique email for Curse ... just in case. Is this a pain in the ass? You bet. But the pain of consequence hurts a lot worse than any inconvenience prevention might cause. | |} ----